Hackers can make your device explode with a fast charger
What's the story
Fast chargers are a boon for people who prefer to power up their phones/laptops in quick and short charging sessions. They can easily restore a dying device to working condition in 15-20 minutes, but if a new report is anything to go by, the same power bricks can also pose a threat to your gadget, perhaps even your life. Here's how.
Issue
'BadPower' attack can misconfigure fast chargers
In a recent report, researchers from Tencent's Xuanwu Lab have warned that hackers can misconfigure the firmware of fast chargers to melt the internal components of connecting charging systems (phones/laptops) or to make them explode. They call the attack 'BadPower' and claim it could be carried out either using a special rig or a laptop/smartphone infected with malicious code (depending on the charger).
Working
Fast chargers use their firmware to work with compatible devices
Even though fast chargers look like normal power bricks, they carry a special firmware that matches the input capacity of the connected device to supply the right amount of power. For instance, if an eligible device is connected, the charger supplies 12V, 20V, or even more juice. But, in the case of an incompatible unit, it falls back to standard (and safe) 5V charging.
Details
BadPower changes charging parameters
As the researchers explained, when BadPower attack is carried out, the firmware of the targeted fast charger is corrupted and rendered ineffective. This way, the charger loses the parameters of giving the right amount of voltage and ends up overloading devices that can bear only so much power. That, ultimately, causes the devices' components to heat up, melt, or even burn.
Test
18 fast chargers were found vulnerable in test
To test their attack method, the researchers tried corrupting the firmware of 35 fast chargers. Out of these, 18 were found to be vulnerable to the attack, although the damage varied with connected devices and their charging capabilities. The researchers claimed that these vulnerable fast chargers came from 8 vendors who all have now been notified.
Prevention
How this attack could be prevented?
From the users' perspective, this scary attack can be prevented by making sure no unknown individual finds your fast charger. Meanwhile, tech companies, be it smartphone or notebook makers, can add more layers of protection to make sure that their charger firmware is not modified by threat attackers and devices remain shielded against charging overload.